Attivo Networks has opened up its ADSecure solution for use with Google Cloud’s Managed Service for Microsoft Active Directory (AD).

Active Directory is a common tool to help businesses organise their users, services, and computers. However, because it is a centralised directory that can help people understand networks and gain privileges, it’s a popular target for cyber attackers.

“With more and more organisations moving to the cloud, there is a heightened need to protect their directory services located in the cloud,” comments Attivo Networks VP of product management, Marc Feghali.

Attivo Networks states that its ADSecure solution operates without altering the production AD. It is able to detect unauthorised queries within a managed AD service. This, in turn, can reduce ‘successful enumeration’ risk.

The company explains in more detail that the solution is able to alter a query response and return deceptive objects that misdirect attackers to a decoy when they try to use them.

“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking,” the company states.

ADSecure is also designed to reduce the attack surface by misdirecting attackers into a deception environment that safely gathers TTPs (Tactics, Techniques, and Procedures). This trap can help businesses develop specific threat intelligence and accelerate their response.

According to the two companies, the joint solution enables organisations to deploy Azure IoT modules that can become ‘decoys’ for threat protection.

When attackers attempt to target IoT edge devices, they will discover assets that appear identical to production systems. Any active observation will cause the attack to be redirected into the deception environment. The solution then raises an engagement-based alert that automatically notifies the Azure Security Center.

The solution also gathers forensics and company-specific intelligence on the attack, which can be used to improve the organisation’s security systems.